Revision as of 22:36, 14 November 2013

ByWaf

ByWaf is a command-line tool for streamlining web application firewall
auditing. It consists of a command-line interpreter and a set of
plugins.

Introduction

ByWaf is an application that streamlines the auditor's job during a penetration test.
Its main function is to detect, evade and display vulnerabilities in web application firewalls.
The tool uses coding methods developed by our team members throughout their experience.

Description

The Bywaf application is built on Python's built-in cmd.Cmd class. Cmd
is a lightweight command interpreter loop that provides several useful
facilities for the developer, including overridable hook methods and
easy addition of commands and help text. For the user, it offers
command-line editing with readline, including automatic tab completion
of commands, command options and filenames.

Bywaf contains a subclass of Cmd called Wafterpreter, which adds
several features:

Wafterpreter employs a simple plugin system consisting of Python
modules containing commands exposed to the user (functions whose names
start with "do_") and a dictionary of user-modifiable options ("options").

A number of Wafterpreter methods have been exposed to plugins,
allowing them to change the interpreter's behavior and access other
modules' options.

To let plugins react to changes in their options, Bywaf supports
callback functions. When an option is set, the Wafterpreter looks for a
function named "set_" followed by the option name; for example, for an
option called "FILENAME" it will search for and call set_FILENAME(), if
it exists. For any option that has no specific setter, the Wafterpreter
will search for and call "set_default()", if it exists. Failing both of
these, it performs a direct assignment on the plugin's option.
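The following is an added example, not Bywaf's own code, showing how that three-step setter dispatch (set_NAME, then set_default, then direct assignment) can be implemented on a small cmd.Cmd subclass. The plugin is built in memory with types.ModuleType instead of being loaded from a file, and the names make_demo_plugin, set_option, the option names and the path check inside set_FILENAME are assumptions made for illustration; they are not part of the project.

```python
import cmd
import shlex
import types


class Wafterpreter(cmd.Cmd):
    """Toy Cmd subclass with a plugin registry and setter-callback dispatch.

    Illustrative only; modelled on the behaviour described in the text,
    not taken from Bywaf.
    """

    prompt = "bywaf> "

    def __init__(self):
        super().__init__()
        self.plugins = {}
        self.current = None  # plugin whose options "set" operates on

    def load_plugin(self, module):
        """Register a plugin module and expose its do_* functions as commands.

        Commands are bound on the instance, which is enough for Cmd.onecmd();
        Cmd's tab completion only sees class attributes, so a real loader
        would also register names for completion.
        """
        self.plugins[module.__name__] = module
        for name in dir(module):
            if name.startswith("do_"):
                func = getattr(module, name)
                # plugin commands take (interpreter, line)
                setattr(self, name, lambda line, f=func: f(self, line))
        self.current = module

    def set_option(self, module, name, value):
        """Dispatch order: set_<NAME>(), then set_default(), then assignment.

        Returns a short tag naming which path was taken so callers can tell.
        """
        if name not in module.options:
            raise KeyError(name)
        specific = getattr(module, "set_" + name, None)
        if callable(specific):
            return specific(value)
        default = getattr(module, "set_default", None)
        if callable(default):
            return default(name, value)
        module.options[name] = value
        return "assigned"

    def do_set(self, line):
        """set NAME VALUE : set an option of the current plugin"""
        parts = shlex.split(line)
        if len(parts) != 2:
            print("usage: set NAME VALUE")
            return
        name, value = parts
        try:
            print(self.set_option(self.current, name, value))
        except KeyError:
            print(f"unknown option: {name}")


def make_demo_plugin(with_default_setter=True):
    """Build a constructed plugin module in memory (normally a .py file)."""
    plugin = types.ModuleType("demo_plugin")
    plugin.options = {"FILENAME": "", "TARGET": "", "VERBOSE": "no"}

    def set_FILENAME(value):
        # Specific setter: the hook is the natural place to validate a
        # user-supplied value before it is stored (assumed check).
        if not value or ".." in value or value.startswith("/"):
            return "rejected"
        plugin.options["FILENAME"] = value
        return "set_FILENAME"

    def set_default(name, value):
        # Fallback setter for every option without a specific one.
        plugin.options[name] = value.strip()
        return "set_default"

    def do_show(interp, line):
        for key, val in plugin.options.items():
            print(f"{key} = {val!r}")

    plugin.set_FILENAME = set_FILENAME
    plugin.do_show = do_show
    if with_default_setter:
        plugin.set_default = set_default
    return plugin


if __name__ == "__main__":
    interp = Wafterpreter()
    interp.load_plugin(make_demo_plugin())
    interp.onecmd("set FILENAME scan.txt")  # set_FILENAME
    interp.onecmd("set TARGET example.test")  # set_default
    interp.onecmd("show")
```

Running the block interactively with interp.cmdloop() gives the same readline-based prompt Cmd provides; the __main__ section just feeds two "set" lines through onecmd() and prints the options.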

Licensing

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
